Analysis
- max time kernel: 148s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14/05/2024, 22:10
Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: 43457f5a2a8d562147c45d8b6b71b87b_JaffaCakes118.html
  Resource: win7-20231129-en
- Behavioral task: behavioral2
  Sample: 43457f5a2a8d562147c45d8b6b71b87b_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
- Target: 43457f5a2a8d562147c45d8b6b71b87b_JaffaCakes118.html
- Size: 117KB
- MD5: 43457f5a2a8d562147c45d8b6b71b87b
- SHA1: 03e48352cc1cc5a7f480864b367de773a8647459
- SHA256: 0b0cfb6485bb2e1012687bb6580b53446772e0fa39231680f830339819d643ad
- SHA512: da792a6b10b352d22598433a201d1d9d67c338004eddc29110bdac239a09d3f8cbd55723fff102ae58a88b0d48284cd1285c69057e1f245e2e07f05e3b6bd1f3
- SSDEEP: 1536:S0/+f5AJyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy+:Srf5CyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                   | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                   | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe

- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid  | Process             | count
  3596 | msedge.exe          | 2
  2928 | msedge.exe          | 2
  1200 | identity_helper.exe | 2
  2196 | msedge.exe          | 4

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid  | Process    | count
  2928 | msedge.exe | 6

- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid  | Process    | count
  2928 | msedge.exe | 25

- Suspicious use of SendNotifyMessage (24 IoCs)
  pid  | Process    | count
  2928 | msedge.exe | 24

- Suspicious use of WriteProcessMemory (64 IoCs)
  description                      | pid  | Process    | procid_target | count
  PID 2928 wrote to memory of 3088 | 2928 | msedge.exe | 81            | 2
  PID 2928 wrote to memory of 2588 | 2928 | msedge.exe | 82            | 40
  PID 2928 wrote to memory of 3596 | 2928 | msedge.exe | 83            | 2
  PID 2928 wrote to memory of 3576 | 2928 | msedge.exe | 84            | 20
Processes

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2928)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\43457f5a2a8d562147c45d8b6b71b87b_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3088)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb923946f8,0x7ffb92394708,0x7ffb92394718

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2588)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,16698031445284252980,15029621490722683527,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3596)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,16698031445284252980,15029621490722683527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3576)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,16698031445284252980,15029621490722683527,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3780)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16698031445284252980,15029621490722683527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2224)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16698031445284252980,15029621490722683527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 5008)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,16698031445284252980,15029621490722683527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1200)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,16698031445284252980,15029621490722683527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2304)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16698031445284252980,15029621490722683527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3376)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16698031445284252980,15029621490722683527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2848)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16698031445284252980,15029621490722683527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5072)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16698031445284252980,15029621490722683527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2196)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,16698031445284252980,15029621490722683527,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5940 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe (PID 324)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 3496)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: ce4c898f8fc7601e2fbc252fdadb5115
  SHA1: 01bf06badc5da353e539c7c07527d30dccc55a91
  SHA256: bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
  SHA512: 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

- Filesize: 152B
  MD5: 4158365912175436289496136e7912c2
  SHA1: 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
  SHA256: 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
  SHA512: 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

- Filesize: 6KB
  MD5: 415a5effa1c75e38aec7b63b942b59c7
  SHA1: 8b0a532c7d25ecd3ed212d32b288c59878c41eab
  SHA256: 8b7f96a00a3d7febbe5271b4b2958688fdfea92defefd24bbd23021492e4571d
  SHA512: 9a72b017cb06620dfa4e792488df0ce5883262a037719d75028579bdca1acd3cee1f37288b0a0f32107d44a5ae9ccfa4f03ed2ce48076c9f0dec35c363bef7cc

- Filesize: 6KB
  MD5: b57698f653cdffb444ea1f74e6eb9c3e
  SHA1: b3cd6cf328f1e39d33fba7cae854804f5dd2ea76
  SHA256: f3750e2032587601146020adb7b75c1265a6ba186f74e53fc5fe73ed2f45a215
  SHA512: fb36ac1290622609f2fbae82e976225fcf92d83368fcc3089f331bd6fc171627691b9ff265e238073dbb07e4633545c6add3492695e1677d931d52491ed4f60c

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 11KB
  MD5: 88bd01fe3a1cb31eb7cdbd5eb702b7db
  SHA1: 82dc41982d111ccc97123cd08597953ba5e8e8fe
  SHA256: a043f7f92b7464b299706b75980b0659954a66d053679e1b4b23b8fa1f4aefa7
  SHA512: 4942aeb12402fa0e607096914f1348c4f8b27b6895fc454edcbdab3659abc9c4ca722bb0bd2576acdd42e2fe7216fd9da0ef274db4ef4acfeaef6947c032d3ce